PDAs sold on eBay 'loaded with sensitive data'

PDA owners are still failing to delete personal and corporate information from used devices

Most used smartphones and PDAs for sale online are loaded with sensitive data ranging from banking records to corporate emails that can easily be retrieved by hackers and data thieves, it was alleged today.

According to a sampling by mobile security software provider Trust Digital, much of this sensitive information is retained in the Flash memory of the devices because of a widespread failure to perform the advanced hard reset required to delete data.

Trust Digital claimed that its engineers were able to recover nearly 27,000 pages of personal, corporate and device data from nine out of 10 mobile devices purchased through eBay for the project.

The salvaged data included personal banking and tax information, corporate sales activity notes, client records, product roadmaps, contact address books, phone and web logs, and calendar records.

The researchers also found personal and business correspondence, computer passwords, medical information, and other private, competitive or potentially damaging material.

Devices with retrievable data included those belonging to a former employee of a publicly traded security software company, an employee of a web services firm, and a corporate counsel at a multi-billion dollar technology company serving the legal market.

"Personal and corporate data is being sold on the open market through eBay, and is also available to anyone who finds, steals or purchases a used smartphone or PDA from any other source," said Trust Digital chief executive Nick Magliato.

"With nearly two billion smartphones currently on the market, the potential for having this information fall into the wrong hands is staggering.

"The general public needs to be made aware of this fact. Whether you're talking about pilfering an individual's private files or stealing corporate secrets, this adds up to a very real data theft epidemic."